CVE-2019-3728

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

7.5HIGH

EPSS

0.6%

top 29.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell RSA Bsafe Crypto-c Micro Edition Dell RSA Bsafe Micro Edition Suite Dell Bsafe Crypto-c-micro-edition +3 more

Timeline

PublishedSep 30

Latest updateMay 24

Description

RSA BSAFE Crypto-C Micro Edition versions from 4.0.0.0 before 4.0.5.4 and from 4.1.0 before 4.1.4, RSA BSAFE Micro Edition Suite versions from 4.0.0 before 4.0.13 and from 4.1.0 before 4.4 and RSA Crypto-C versions from 6.0.0 through 6.4.* are vulnerable to an out-of-bounds read vulnerability when processing DSA signature. A malicious remote user could potentially exploit this vulnerability to cause a crash in the library of the affected system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

▶NVDdell/bsafe_crypto-c-micro-edition4.0.0 — 4.0.5.4+1

▶CVEListV5dell/rsa_bsafe_crypto-c_micro_edition4.0.0.0 — 4.0.5.4+1

▶NVDdell/bsafe_micro-edition-suite4.0.0 — 4.0.13+1

▶CVEListV5dell/rsa_bsafe_micro_edition_suite4.0.0 — 4.0.13+1

▶NVDdell/bsafe_crypto-c6.0.0 — 6.4

🔴Vulnerability Details

GHSA

GHSA-g6qh-mc7h-56g2: RSA BSAFE Crypto-C Micro Edition versions prior to 4↗2022-05-24

▶

CVEList

CVE-2019-3728: RSA BSAFE Crypto-C Micro Edition versions from 4↗2019-09-30

▶